Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Sep 2, 2014, 01:48 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach




A breach of Apple's iCloud and Find My iPhone service was not involved in the recent hacking incident that saw the private photos and videos of several celebrities leaked onto the Internet, according to a press release just issued by Apple.

Instead, celebrity iCloud accounts were compromised by a targeted attack on user names, passwords, and security questions.
Quote:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud(R) or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material, which quickly led to accusations of a flaw in iCloud as the reason for the leak.

Apple announced plans to launch an investigation into the matter on Monday, after a tool surfaced on Github that could have potentially allowed hackers to brute force their way into accounts via a security flaw in Find My iPhone. Though this tool allowed for multiple attempts to enter a password without being locked out of an account, it appears that it was not a factor in the recent hacking of celebrity accounts due to Apple's statement that Find My iPhone was not involved.

Apple suggests that all iCloud/Apple ID users should have a strong password and enable two-step verification to avoid similar hacking attempts.

Article Link: Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach
MacRumors is offline   8 Reply With Quote
Old Sep 2, 2014, 01:49 PM   #2
Creep89
macrumors regular
 
Join Date: Mar 2012
Oh, surprise.


Not.
Creep89 is offline   17 Reply With Quote
Old Sep 2, 2014, 01:49 PM   #3
taptic
macrumors 65816
 
taptic's Avatar
 
Join Date: Dec 2012
Location: California
All looks and no brains...
__________________
If you want a cool new feature on a Samsung phone, just suggest it to Apple.
taptic is offline   45 Reply With Quote
Old Sep 2, 2014, 01:49 PM   #4
Mark-Technology
macrumors member
 
Join Date: Nov 2011
Sigh...go figure.
Mark-Technology is offline   3 Reply With Quote
Old Sep 2, 2014, 01:50 PM   #5
TheKrs1
macrumors 6502
 
Join Date: Apr 2010
I highly doubt that they would lie about this. It does make me feel better about my personal, less at risk, privacy.
TheKrs1 is offline   3 Reply With Quote
Old Sep 2, 2014, 01:50 PM   #6
nfl46
macrumors 601
 
nfl46's Avatar
 
Join Date: Oct 2008
I'm not surprised. Most of us, who aren't celebrities, care more about security than celebrities do. I bet they had easy passwords, and most of their security questions answers could be found on Google.
__________________
| 16GB Moto X | 16GB Apple iPhone 6 Plus | 13" MacBook Pro | 2nd Generation Apple TV |
nfl46 is offline   11 Reply With Quote
Old Sep 2, 2014, 01:50 PM   #7
maflynn
Moderator
 
maflynn's Avatar
 
Join Date: May 2009
Location: Boston
Sad that too many folks rely on simple passwords, regardless of their position in life.
__________________
~Mike Flynn
maflynn is online now   8 Reply With Quote
Old Sep 2, 2014, 01:50 PM   #8
BasicGreatGuy
macrumors 68000
 
BasicGreatGuy's Avatar
 
Join Date: Sep 2012
Location: Atlanta, Ga.
Not surprised. I hope those affected learned their lesson. They should seriously consider purchasing 1Password and get into the habit of safe guarding their accounts in a more secure and proactive manner.
__________________
The Bill of Rights is not a Bill of Loopholes.
BasicGreatGuy is offline   8 Reply With Quote
Old Sep 2, 2014, 01:50 PM   #9
SMIDG3T
macrumors 65816
 
SMIDG3T's Avatar
 
Join Date: Apr 2012
Location: England
Serves them right having such a weak password.

I bet "password" or "abc123" were used.

What do you expect "celebrities"? I knew iCloud was stronger than that.
__________________
iPhone 6 | 64GB | Space Grey | iOS 8.1

MacBook Pro w/ Retina display | Late 2013 Model | OS X Yosemite 10.10
SMIDG3T is offline   15 Reply With Quote
Old Sep 2, 2014, 01:51 PM   #10
neuropsychguy
macrumors 6502
 
Join Date: Sep 2008
What!? My password oscar4me wasn't good enough?

/I know a lot of very intelligent people who use simple passwords and I'm not blaming the victims but we need a strong campaign educating people about what are and are not good passwords. Apple's work with suggested passwords is a great start (if only people will use it).

Last edited by neuropsychguy; Sep 2, 2014 at 01:57 PM.
neuropsychguy is offline   36 Reply With Quote
Old Sep 2, 2014, 01:51 PM   #11
gotluck
macrumors 68040
 
gotluck's Avatar
 
Join Date: Dec 2011
Location: East Central Florida
if it was a breach (brute force), would apple actually admit it?

wouldn't a third party have to prove it was a breach for apple to admit it?

the same would hold true for any company, not just apple

why would any company take the heat if they didn't have to?
__________________
iPad Air LTE 7.1.2 JB (T-Mobile) - GS 4 Google Edition 4.4.4 ART (AT&T) - Windows 7 PC's - iPhone 4 6.1 JB
gotluck is offline   17 Reply With Quote
Old Sep 2, 2014, 01:51 PM   #12
grimmace
macrumors regular
 
Join Date: Feb 2003
Location: Boston
Why would a celebrity even have nude photos on their device? I guess they just like to take photos of themselves. (stup).
__________________
Macbook Pro - 2.8 Ghz 7200rpm
Mac Pro - 3.5GHz 6-Core Intel Xeon E5
iPhone 6
iPad Air
grimmace is offline   2 Reply With Quote
Old Sep 2, 2014, 01:51 PM   #13
MacGeek1987
macrumors regular
 
Join Date: Sep 2012
Location: New Hampshire, USA
"Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months" - Clifford Stoll
__________________
27" iMac (Late 2013), 3.5 GHz i7, 8GB RAM, 1TB Fusion Drive, GeForce GTX 780M 4GB;
15" Macbook Pro (Mid 2010), 2.4 GHz i5, 8GB RAM, 500GB SSD, GeForce GT 320M 256MB; iPhone 6+ 64GB;
MacGeek1987 is offline   12 Reply With Quote
Old Sep 2, 2014, 01:51 PM   #14
1Zach1
macrumors 6502a
 
Join Date: Feb 2008
Location: Northern Va
And yet still the only ones to blame in this situation are the hackers.
__________________
Canon and Mac
1Zach1 is offline   8 Reply With Quote
Old Sep 2, 2014, 01:52 PM   #15
gibbz
macrumors 68030
 
gibbz's Avatar
 
Join Date: May 2007
Location: National Weather Center
Send a message via AIM to gibbz
Quote:
Originally Posted by DShap5 View Post
All looks and no brains...
Clearly only women use weak passwords

How about we stop victim-shaming people, celebrity or not?
__________________
64GB SG iPad Air 32GB Black iPhone 5
MP 8x2.8/16GB MP 8x2.93/32GB/2x24" MBA 1.7/8GB/256GB 2013 rMBP 16GB/512GB
Jeremy Gibbs | Gibbz
gibbz is offline   53 Reply With Quote
Old Sep 2, 2014, 01:52 PM   #16
Doctor Q
Administrator
 
Doctor Q's Avatar
 
Join Date: Sep 2002
Location: Los Angeles
Now all the fun is spoiled. So many media outlets get attention by Apple-bashing without waiting for the facts.

I wonder how many of them will post retractions as prominent as their accusations?
__________________
Oh do pay attention 007. In the wrong hands, this cylindrical 12-core Mac Pro with three 4K displays, FirePro graphics, and Thunderbolt 2 could be very dangerous.
Doctor Q is offline   24 Reply With Quote
Old Sep 2, 2014, 01:52 PM   #17
Analog Kid
macrumors 68030
 
Analog Kid's Avatar
 
Join Date: Mar 2003
The key phrase here for me is "and security questions". Most of those questions are biographical, and most celebrity biographies are well known.

I've always thought it was silly to say that the name of my high school was a security question-- there is nothing secure about that information.
__________________
Only trolls use the word "fanboy".
Analog Kid is offline   22 Reply With Quote
Old Sep 2, 2014, 01:52 PM   #18
samcraig
macrumors G5
 
Join Date: Jun 2009
Quote:
Originally Posted by SMIDG3T View Post
Serves them right having such a weak password.

I bet "password" or "abc123" were used.

What do you expect "celebrities"? I knew iCloud was stronger than that.
So you're going to blame the victim?
samcraig is online now   20 Reply With Quote
Old Sep 2, 2014, 01:53 PM   #19
Mark-Technology
macrumors member
 
Join Date: Nov 2011
Still doesn't matter; saw boobs.
Mark-Technology is offline   29 Reply With Quote
Old Sep 2, 2014, 01:53 PM   #20
Nyy8
macrumors 6502
 
Join Date: Jun 2011
Location: New England
Watch the celebrities now blame their assistances
__________________
iPad 2 16GB, iPhone 5S Space Grey 16GB,
iMac 21.5 inch, 2.5 GHz Core i5, 4GB RAM, 500GB HD
Nyy8 is offline   5 Reply With Quote
Old Sep 2, 2014, 01:53 PM   #21
maflynn
Moderator
 
maflynn's Avatar
 
Join Date: May 2009
Location: Boston
Quote:
Originally Posted by SMIDG3T View Post
Serves them right having such a weak password.
No it doesn't. Why relish in something bad happening to someone just because they're a celebrity.
__________________
~Mike Flynn
maflynn is online now   20 Reply With Quote
Old Sep 2, 2014, 01:53 PM   #22
saving107
macrumors 603
 
saving107's Avatar
 
Join Date: Oct 2007
Location: San Jose, Ca
One thing I learned a long time ago is that when the security question says Example: "What's your favorite food", you don't answer it with Pizza or something someone can eventually guess, you answer it completely off like "sky" or "green".

Also setting up 2-Step Verification on https://appleid.apple.com would help.
saving107 is offline   10 Reply With Quote
Old Sep 2, 2014, 01:53 PM   #23
nfl46
macrumors 601
 
nfl46's Avatar
 
Join Date: Oct 2008
Quote:
Originally Posted by grimmace View Post
Why would a celebrity even have nude photos on their device? I guess they just like to take photos of themselves. (stup).
Just like the average person would. Since they have a pass lock on it, they think its secure. Yeah, right. If you take a nude on your cellphone, there's a chance anyone can get it.
__________________
| 16GB Moto X | 16GB Apple iPhone 6 Plus | 13" MacBook Pro | 2nd Generation Apple TV |
nfl46 is offline   2 Reply With Quote
Old Sep 2, 2014, 01:53 PM   #24
Rogifan
macrumors G3
 
Rogifan's Avatar
 
Join Date: Nov 2011
Quote:
Originally Posted by Analog Kid View Post
The key phrase here for me is "and security questions". Most of those questions are biographical, and most celebrity biographies are well known.

I've always thought it was silly to say that the name of my high school was a security question-- there is nothing secure about that information.
Make something up?
__________________
"I have a very optimistic view of individuals. As individuals, people are inherently good. I have a somewhat more pessimistic view of people in groups." -- Steve Jobs , Wired interview
Rogifan is offline   1 Reply With Quote
Old Sep 2, 2014, 01:53 PM   #25
brianbunge
macrumors regular
 
Join Date: Aug 2011
Sadly, the same thing happened to my daughter (no pics, just account hacked) by two idiot teenagers being *******s. They were able to guess the answers to her security questions and changed her password. Then they used that to hack all her social media accounts.
brianbunge is offline   4 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -5. The time now is 08:44 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC